Internal Audit

1.0 Purpose & Description

The purpose of this Procedure is to describe how El Seif Operation and Maintenance Company
(ESOM) control, manage, implement and maintain the Internal Audit programme.
This procedure aims to:

Identify clearly the procedure to be followed by all parties involved during the different stages
of internal audit implementation and maintenance.

Give detailed explanation of how to complete the activities within the process to be used as a
guideline for ESOM Management and staff.

Identify all relevant supporting information

2.0 Scope
This procedure is applicable to ESOM management and staff.
3.0 Contractual Obligation
This procedure addresses requirements as contained in standards and client contractual documents.
4.0 Controlled Distribution List
Copy No.

Document Owner

Location

Master

IMS Manager

IMS Directory

5.0 Related Documents

Doc. No.
IMS-QAL-02-00000-01

Document Description
IMS Manual

6.0 Cross References

Standard

Requirement

ISO 14001

4.5.4

OSHAS 18001

4.5.4

ISO 9001

8.2.2

El Seif 2013
Uncontrolled when printed
ESOM -IMS Procedure
Approved:

IMS Manager

Revision: 02

Doc. Owner: IMS Department

Doc. ID: IMS-QAL-03-00000-13

Page 1 of 9

Internal Audit
7.0 Authority and Responsibility

Operations Director (OD)

Project Manager (PM)
Head of Departments (HOD)
IMS Manager (IMS)
All Staff

8.0 Input & Output

8.1 Input

Scheduled planned audit.

Un-scheduled audit.
Client request/requirement.
3rd party request.
Audit checklist
End user request

8.2 Output

Audit report.
Corrective and Preventive action reports.
Audit questionnaire
Certification

El Seif 2013
Uncontrolled when printed
ESOM -IMS Procedure
Approved:

IMS Manager

Revision: 02

Doc. Owner: IMS Department

Doc. ID: IMS-QAL-03-00000-13

Page 2 of 9

Internal Audit
9.0 Process Flow Chart

El Seif 2013
Uncontrolled when printed
ESOM -IMS Procedure
Approved:

IMS Manager

Revision: 02

Doc. Owner: IMS Department

Doc. ID: IMS-QAL-03-00000-13

Page 3 of 9

Internal Audit

10.0 Process Definition

This procedure describes the processes involved when planning, implementing and maintaining the
internal audit programme within ESOM. Internal audits are done to ensure that the documented IMS
System is being implemented and maintained by all ESOM management and staff and to verify if the
IMS remains effective.
All auditors shall be independent from the activity being audited.
All HODs/process owners/auditees shall be required to offer full support and cooperation to the
auditor when being audited.
Audit Authority and Responsibility
IMS Manager

Responsible for planning the Audits and informing HODs Managers of intended audit times
and dates well in advance.
El Seif 2013
Uncontrolled when printed

ESOM -IMS Procedure

Approved:

IMS Manager

Revision: 02

Doc. Owner: IMS Department

Doc. ID: IMS-QAL-03-00000-13

Page 4 of 9

Internal Audit

Shall retain records of all audits done and raise the relevant corrective and preventive action
reports as required.

IMS Auditor

Generate Audit Reports.

Complete audits on the scheduled date and time.
Ensure any issues raised, deficiencies found at previous audits have been rectified/resolved.
Offer suggestions and recommendations where possible for improvement.
Shall ultimately be responsible for making certain audits are completed and that any actions
arising from them are subsequently agreed, implemented, monitored and closed-out.

HOD

Implementing and maintaining the IMS system.

Responsible for allocating the time and resources for the auditor to complete the audit.
Shall be responsible for making sure all actions are completed within the time scales agreed.
Responsible for highlighting any concerns from previous audits done (if applicable).

Auditees

Full co-operation with the auditor.

Ensuring that a constructive and positive attitude is maintained throughout.

Types of audits
There are basically four types of audits:

Scheduled Audits,
Un-scheduled Audits,
Client related Audits,
External Audits.

Scheduled
These are formally documented audits on specific areas within ESOM and shall basically cover
compliance with the IMS system and the function and integration of the area (e.g. to identify new
tasks or changes, which require changes to, or new procedures etc.).
Un-scheduled
These audits are done as and when required. They normally occur when an area of non-conformance
(including problems) is identified in a particular area.

Client Audits
These are audits can be done on any projects/sites by any one of our clients if requested. Audits shall
confirm compliance with relevant IMS processes as issued from the IMS Toolbox throughout the
complete life-cycle of a project. If at the time of a project audit the complete life-cycle cannot be
audited than one aspect of the project (i.e. contract review) may be verified.
El Seif 2013
Uncontrolled when printed
ESOM -IMS Procedure
Approved:

IMS Manager

Revision: 02

Doc. Owner: IMS Department

Doc. ID: IMS-QAL-03-00000-13

Page 5 of 9

Internal Audit
External Audits
These audits shall be completed by a certification body and shall verify compliance to ISO 9001, ISO
14001 and or OHSAS 18001 whichever is applicable. It shall include both the system as well as the
process.
Planning the Audit
The IMS Manager shall be responsible for planning the audit to be done. The audit may either be
scheduled (i.e. from the IMS audit plan) or an un-scheduled audit arranged due to concerns in a
particular area.
The IMS Manager shall be responsible for producing an IMS Audit Plan, which shall highlight the
audits to be done throughout the year within ESOM. The frequency of the audits shall depend on the
areas of risks identified within the client/department/process and their importance and the added
value to ESOM.
The auditor shall prepare for the audit taking into account the following criteria:

Feedback from previous audits

Existing procedures
ISO 9001, 14001 and OHASA 18001 requirements
End user specific requirements

From the above information the auditor shall be able to produce an audit checklist / guideline to
serve as an aide memoir for the areas to be audited. The auditor needs to familiarise himself with the
process to be audited and hence make sure detailed questions are prepared for any risk areas.
Inform HOD
The IMS Manager will advise the departments when the applicable Audit will take place at least 24
hours prior to the Audit taking place.
The auditor shall inform the HOD about the intention to do an audit on a particular process.
If the Auditees/process owner cannot make the appointed date and time (i.e. due to other deadlines)
then an alternative date will need to be agreed upon and the audit schedule shall be revised to
accommodate new dates.
Conducting the Audit
Audits shall be carried out by internal auditors on all of ESOM against a defined audit plan twice a
year.
Audits of the IMS, process and/or product shall be carried out by the designated Internal Auditor,
independent of those having direct responsibility for the work being performed. Audits shall be
scheduled for a six month period. All Auditors shall be independent from the activity that they Audit.
Where problem areas are identified, changes will be hand written in by the auditor on the actual
document Audited with a different colour ink than black, signed and dated at the top of each page.
A summary of the results of these audits will be submitted at the Management Review Meetings, and
problem areas identified may be highlighted at these meetings.
The Internal Auditor, or Audit Team, will be nominated by the IMS Manager, prior to the audit.
El Seif 2013
Uncontrolled when printed
ESOM -IMS Procedure
Approved:

IMS Manager

Revision: 02

Doc. Owner: IMS Department

Doc. ID: IMS-QAL-03-00000-13

Page 6 of 9

Internal Audit
The criteria for internal quality audits are:
a) Does the procedure reflect actual practices?
b) Does the procedure need elaboration to reflect actual practice or must actual practices be changed
back to coincide with procedural requirements.
The auditor cannot check each and every record; hence a sample of records shall be audited. The
auditor shall remember the show me principle and make sure it is used when the Auditees answers,
This is how we do it (i.e. look for evidence whilst the activity is being demonstrated).
A copy of the actual Procedure or document will be used as an Audit checklist, and this document will
be used as the criteria to audit the activity or function. The auditor will date and sign every page of the
document audited, and add comments if applicable.
The actual copy of the Procedure or Work Instruction will be used as a checklist, once the audit is
completed an Audit Report IMS-QAL-04-00000-22 will be generated and suitable corrective action
taken if required.
Unplanned audits will be conducted by a designated Internal Auditor as and when problems or nonconformances arise in any area or process at any time during the year.
The actual Audit Copy of the Policy, Procedure or document will be attached to the Audit Report IMSQAL-04-00000-22 and filed as record of the audit.
Any outstanding actions from previous audits shall be checked and verified as complete before
proceeding with the audit, any CARs outstanding shall be addressed prior to audit start.
Standard Audit Questionnaire
A Standard Audit Questionnaire Working Copy IMS-QAL-04-000-20 is available and can be used to
measure the total implementation of a suitable and effective IMS and the Audit Report and Gap
Analysis Template IMS-QAL-04-000-21 can be completed after completion of this exercise.
Classification of Audit Findings
Critical

Total failure/absence of a critical process.

Lack of procedures in place for the process being audited.
Total neglect of procedures within critical processes.
Failure of multiple major processes.
Statutory non-compliance.
OHSAS/ISO non-compliance.

Major

Repetition/recurrence of minor non-conformances.

Failure by employees to follow the procedures.
Fields not completed in reports etc. (multiple cases).
Errors within a critical process.

Minor

Minor drop-off in the process, which can usually be rectified at the time of the audit.
El Seif 2013
Uncontrolled when printed

ESOM -IMS Procedure

Approved:

IMS Manager

Revision: 02

Doc. Owner: IMS Department

Doc. ID: IMS-QAL-03-00000-13

Page 7 of 9

Internal Audit

Problems not affecting the service HSEQ or reliability.

Typographical errors within records/documents.
Errors within non-critical processes.

Producing the Audit Report

The auditor shall generate an audit report within one week after completion of the Audit.
The Auditor, HOD and IMS Manager shall sign the audit report. If corrective and preventive actions
are required they shall be generated and monitored as per the Corrective and Preventive action
procedure.
Close-out of Audit findings
The audit shall be considered to be closed-off once the audit report has been completed together
with the process of raising corrective and preventive actions. Confirmation of closure is required for all
corrective and preventive actions together with evidence that the proposed actions have been
effective. This may be established at the next audit (if practical).
If a formal corrective action report is raised the audit may be closed prior to these actions being
completed as the action is now monitored using a separate system (Corrective Action Procedure).
Feedback to Management Review
The requirement to report all audit findings is of paramount importance and a requirement of
OHSAS/ISO. It shall be an agenda item for the Management Review meetings.
This gives the OD and HODs an indication of how well the company is adhering to the IMS system.
An opportunity to discuss the escalation of incomplete actions by the due date shall be made
available.
Internal Audit register
Each Audit completed will be added to the Internal audit Register and given a unique audit number.
IMS Integrated Management System
001- Sequential number
13 - Year
11.0 Key Performance Indicators (KPI)
The following KPIs have been identified:

100%
1 week

Planned complete audit

Produce audit report

12.0Audit Points
The following audit points should be checked:

Audits completed as per procedure,

Audits done as per scheduled,
Effective audit closure,
Audits done as per the importance of the activity,
El Seif 2013
Uncontrolled when printed

ESOM -IMS Procedure

Approved:

IMS Manager

Revision: 02

Doc. Owner: IMS Department

Doc. ID: IMS-QAL-03-00000-13

Page 8 of 9

Internal Audit

Correct forms / records completed

Audit reports generated
Corrective actions raised and monitored

13.0 Records
The following records are to be held as an outcome of this procedure:
Record No.

Record Description

IMS-QAL-04-00000-20

Internal Audit Questionnaire

IMS-QAL-04-00000-22

Audit Report

IMS-QAL-04-00000-23

Internal Audit Register

IMS-QAL-04-00000-24

Internal Audit Planner

IMS-QAL-04-00000-27

Corrective/preventive Action Request

14.0 Approval
Date

Designation

Name

Signature

IMS Manager

El Seif 2013
Uncontrolled when printed
ESOM -IMS Procedure
Approved:

IMS Manager

Revision: 02

Doc. Owner: IMS Department

Doc. ID: IMS-QAL-03-00000-13

Page 9 of 9